Third-Party Cybersecurity Strategies Critical to Preparedness

This article examines the guidelines published by the Board of Governors of the Federal Reserve System on managing outsourcing risk, along with the Office of the Comptroller of the Currency's (OCC) 2013 Bulletin 2013-29 and the supplemental Jan. 24, 2017, examination procedures, which are designed to help bank examiners tailor their examinations of national banks and federal savings associations and determine the scope of the third-party risk management examination.


Understanding third-party service provider relationships and the security risks they present to any organization is an essential element of cybersecurity planning. Bad actors continue to exploit the risks presented by third-party service providers that maintain access to corporate-owned information systems. Over the last several years, companies have found themselves the victims of costly and high-profile data breaches occurring as a result of a third-party service provider’s security failures. See, e.g., In re Target Corp. Data Sec. Breach Litig., 66 F. Supp. 3d 1154 (D. Minn. 2014); In re: The Home Depot, Inc., Customer Data Sec. Breach Litig., No. 1:14-MD-2583-TWT, 2016 WL 2897520, at 1 (N.D. Ga. May 18, 2016).
